CVE-2022-2654 Classima < 2.1.11 - Reflected Cross-Site Scripting

2022-09-1608:40:31

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

40.3%

JSON

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

CNA Affected

[
  {
    "product": "Classified Listing – Classified ads & Business Directory Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.2.14",
        "status": "affected",
        "version": "2.2.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Classified Listing Pro - Classified ads & Business Directory Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.0.20",
        "status": "affected",
        "version": "2.0.20",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Classified Listing Store & Membership Addon",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.4.20",
        "status": "affected",
        "version": "1.4.20",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Classima Core",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.10",
        "status": "affected",
        "version": "1.10",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Classima",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.1.11",
        "status": "affected",
        "version": "2.1.11",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993

0.001 Low

EPSS

Percentile

40.3%

JSON

Related for CVELIST:CVE-2022-2654